CVE-2020-24394

CWE-732 — Incorrect Permission Assignment11 documents9 sources

Severity

7.1HIGH

EPSS

0.1%

top 83.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Canonical Ubuntu Linux Opensuse Leap +2 more

Timeline

PublishedAug 19

Latest updateMay 24

Description

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages5 packages

▶NVDlinux/linux_kernel< 5.7.8

▶Debianlinux< 5.7.6-1+3

▶NVDopensuse/leap15.1

▶NVDoracle/sd-wan_edge8.2

▶NVDstarwindsoftware/starwind_virtual_sanv8

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 20.04

Patches

Patch: git.kernel.org ↗Patch: www.oracle.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-fvv9-qhmx-c8wm: In the Linux kernel before 5↗2022-05-24

▶

CVEList

CVE-2020-24394: In the Linux kernel before 5↗2020-08-19

▶

OSV

CVE-2020-24394: In the Linux kernel before 5↗2020-08-19

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2020-09-03

▶

Ubuntu

Linux kernel vulnerabilities↗2020-09-03

▶

Ubuntu

linux kernel vulnerabilities↗2020-08-23

▶

Microsoft

In the Linux kernel before 5.7.8 fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support aka CID-22cf8419f131. This occurs becau↗2020-08-11

▶

Red Hat

kernel: umask not applied on filesystem without ACL support↗2020-06-05

▶

💬Community

Bugzilla

CVE-2020-24394 kernel: umask not applied on filesystem without ACL support↗2020-08-17

▶